1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
|
.\" $OpenBSD: ntpd.conf.5,v 1.32 2015/08/28 02:59:29 deraadt Exp $
.\"
.\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: August 28 2015 $
.Dt NTPD.CONF 5
.Os
.Sh NAME
.Nm ntpd.conf
.Nd Network Time Protocol daemon configuration file
.Sh DESCRIPTION
This manual page describes the format of the
.Xr ntpd 8
configuration file.
.Pp
.Nm
has the following format:
.Pp
Empty lines and lines beginning with the
.Sq #
character are ignored.
.Pp
Keywords may be specified multiple times within the configuration file.
The basic configuration options are as follows:
.Bl -tag -width Ds
.It Xo Ic listen on Ar address
.Op Ic rtable Ar table-id
.Xc
Specify a local IP address or a hostname the
.Xr ntpd 8
daemon should listen on.
If it appears multiple times,
.Xr ntpd 8
will listen on each given address.
If
.Sq *
is given as an address,
.Xr ntpd 8
will listen on all local addresses using the specified routing table.
.Xr ntpd 8
does not listen on any address by default.
The optional
.Ic rtable
keyword will specify which routing table to listen on.
By default
.Xr ntpd 8
will listen using the current routing table.
For example:
.Bd -literal -offset indent
listen on *
.Ed
.Pp
or
.Bd -literal -offset indent
listen on 127.0.0.1
listen on ::1
listen on 127.0.0.1 rtable 4
.Ed
.It Xo Ic sensor Ar device
.Op Ic correction Ar microseconds
.Op Ic weight Ar weight-value
.Op Ic refid Ar string
.Op Ic stratum Ar stratum-value
.Xc
Specify a timedelta sensor device
.Xr ntpd 8
should use.
The sensor can be specified multiple times:
.Xr ntpd 8
will use each given sensor that actually exists.
Non-existent sensors are ignored.
If
.Sq *
is given as device name,
.Xr ntpd 8
will use all timedelta sensors it finds.
.Xr ntpd 8
does not use any timedelta sensor by default.
For example:
.Bd -literal -offset indent
sensor *
sensor nmea0
.Ed
.Pp
An optional correction in microseconds can be given to compensate
for the sensor's offset.
The maximum correction is 127 seconds.
For example, if a DCF77 receiver is lagging 70ms behind
actual time:
.Bd -literal -offset indent
sensor udcf0 correction 70000
.Ed
.Pp
The optional
.Ic weight
keyword permits finer control over the relative importance
of time sources (servers or sensor devices).
Weights are specified in the range 1 to 10;
if no weight is given,
the default is 1.
A server with a weight of 5, for example,
will have five times more influence on time offset calculation
than a server with a weight of 1.
.Pp
An optional reference ID string - up to 4 ASCII characters - can be
given to publish the sensor type to clients.
RFC 2030 suggests some common reference identifiers, but new identifiers
"can be contrived as appropriate."
If an ID string is not given,
.Xr ntpd 8
will use a generic reference ID.
For example:
.Bd -literal -offset indent
sensor nmea0 refid GPS
.Ed
.Pp
A stratum value other than the default of 1 can be assigned using
the stratum keyword.
.It Xo Ic server Ar address
.Op Ic weight Ar weight-value
.Op Ic rtable Ar table-id
.Xc
Specify the IP address or the hostname of an NTP
server to synchronize to.
If it appears multiple times,
.Xr ntpd 8
will try to synchronize to all of the servers specified.
The
.Cm rtable
option specifies which routing table should be used for connection attempts.
Hostname resolution will still happen using the default routing table.
If a hostname resolves to multiple IPv4 and/or IPv6 addresses,
.Xr ntpd 8
uses the first address.
If it does not get a reply,
.Xr ntpd 8
retries with the next address and continues to do so until a working address
is found.
For example:
.Bd -literal -offset indent
server 10.0.0.2 weight 5
server ntp.example.org weight 1 rtable 4
.Ed
.Pp
To provide redundancy, it is good practice to configure multiple servers.
In general, best accuracy is obtained by using servers that have a low
network latency.
.It Xo Ic servers Ar address
.Op Ic weight Ar weight-value
.Op Ic rtable Ar table-id
.Xc
As with
.Cm server ,
specify the IP address or hostname of an NTP server to synchronize to.
If it appears multiple times,
.Xr ntpd 8
will try to synchronize to all of the servers specified.
Should the hostname resolve to multiple IP addresses,
.Xr ntpd 8
will try to synchronize to all of them.
For example:
.Bd -literal -offset indent
servers pool.ntp.org
servers pool.ntp.org rtable 5
.Ed
.El
.Sh CONSTRAINTS
.Xr ntpd 8
can be configured to query the
.Sq Date
from trusted HTTPS servers via TLS.
This time information is not used for precision but acts as an
authenticated constraint,
thereby reducing the impact of unauthenticated NTP
man-in-the-middle attacks.
Received NTP packets with time information falling outside of a range
near the constraint will be discarded and such NTP servers
will be marked as invalid.
.Bl -tag -width Ds
.It Ic constraint from Ar url
Specify the URL, IP address or the hostname of an HTTPS server to
provide a constraint.
If
.Ic constraint from
is used more than once,
.Xr ntpd 8
will calculate a median constraint from all the servers specified.
.Bd -literal -offset indent
server ntp.example.org
constraint from www.example.com
.Ed
.It Ic constraints from Ar url
As with
.Ic constraint from ,
specify the URL, IP address or the hostname of an HTTPS server to
provide a constraint.
Should the hostname resolve to multiple IP addresses,
.Xr ntpd 8
will calculate a median constraint from all of them.
For example:
.Bd -literal -offset indent
servers pool.ntp.org
constraints from "https://www.google.com/"
.Ed
.El
.Sh FILES
.Bl -tag -width "/etc/ntpd.confXXX" -compact
.It Pa /etc/ntpd.conf
default
.Xr ntpd 8
configuration file
.El
.Sh SEE ALSO
.Xr ntpctl 8 ,
.Xr ntpd 8 ,
.Xr sysctl 8
.Sh HISTORY
The
.Nm
file format first appeared in
.Ox 3.6 .
.Sh CAVEATS
When using different
.Cm rtable
options,
.Xr ntpd 8
must be started in rtable 0.
|